Before I show you how, I want to give you a few words of caution. Installing a certificate authority is not a process to be taken lightly. If someone gains unauthorized access to your certificate authority, they pretty much own your network. Likewise, if a certificate authority server crashes, it can be devastating to your network, because a crash means losing certificates that have been used for encryption and/or authentication. Therefore, you must make sure that the server is as secure as possible and that you perform full system backups frequently. You must also protect your backup tapes so that they are not accidentally compromised.
Install Windows Server 2003 Enterprise Edition onto the server that you will be using as a certificate authority, and join the server to your domain. Once Windows is up and running, select the "Add/Remove Programs" option from the Control Panel and click the "Add/Remove Windows Components" button. Select the "Certificate Services" option from the list of Windows components. When you do, you will see a warning message indicating that after the certificate services are installed, you won't be able to rename the machine or change its group membership. Click "Yes" to acknowledge the warning and then click "Next" to begin installing the certificate authority. The following screen asks which type of certificate authority you want to install. Choose the "Enterprise Root CA" option and click "Next." You will now be prompted to enter a common name for the certificate authority that you are creating. You must also select a certificate validity period. The default setting allows certificates to be valid for five years, but you can increase or decrease this time frame according to your own corporate security policy.
Click "Next" and Windows will begin generating cryptographic keys. When the process completes, the wizard will prompt you to enter a location for the certificate database. You can use the default location unless you prefer to place the databases onto a volume with better performance or fault tolerance. Click "Next." You will now see a message asking if Windows may restart the IIS services. Click "Yes" and Windows will restart IIS and install the necessary components.
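Once the wizard finishes, the new CA can be checked and given its first backup from a command prompt. The batch file below is an added example, not part of the original article; the backup path `D:\CABackup` and the file name `certsvc-config.reg` are assumptions to adjust for your server.

```bat
@echo off
rem Added example (not from the original article): post-install check and CA backup.
rem Run in a command prompt on the CA server, logged on as an administrator of the CA.
rem BACKUP_DIR is an assumed path; use a folder that only administrators can read.
setlocal
set BACKUP_DIR=D:\CABackup

rem 1. Certificate Services runs as the CertSvc service; confirm it is running.
sc query certsvc | find "RUNNING" >nul
if errorlevel 1 (
    echo Certificate Services is not running.
    exit /b 1
)

rem 2. Confirm the CA answers on its request interface.
certutil -ping
if errorlevel 1 (
    echo The CA did not respond to certutil -ping.
    exit /b 1
)

rem 3. Back up the CA certificate and private key (a password-protected .p12 file)
rem    and the certificate database. certutil prompts for the .p12 password.
rem    -f overwrites a previous backup in the same folder.
if not exist "%BACKUP_DIR%" mkdir "%BACKUP_DIR%"
certutil -f -backup "%BACKUP_DIR%"
if errorlevel 1 (
    echo CA backup failed.
    exit /b 1
)

rem 4. certutil -backup does not include the CA's registry configuration,
rem    so export it alongside the database and key.
reg export HKLM\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration "%BACKUP_DIR%\certsvc-config.reg"
if errorlevel 1 (
    echo Registry export failed.
    exit /b 1
)

echo CA backup written to %BACKUP_DIR%
endlocal
```

The .p12 file in the backup folder holds the CA's private key, so the folder and any media it is copied to need the same protection as the backup tapes mentioned above.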
How to create a VPN for your wireless network
Step 1: Server requirements
Step 2: Server placement
Step 3: Setting up the certificate authority
Step 4: Configuring the authentication server
Step 5: Configuring the VPN server
Step 6: Configuring wireless clients
ABOUT THE AUTHOR:
Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.
Copyright 2005 TechTarget